package com.hexus.eve.actions.security;

import java.util.ResourceBundle;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.dao.ReflectionSaltSource;
import org.springframework.security.authentication.encoding.ShaPasswordEncoder;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.provisioning.JdbcUserDetailsManager;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;


import com.opensymphony.xwork2.ActionSupport;

public class ChangePassword extends ActionSupport {
	private static final long serialVersionUID = 1L;
	
	@Autowired
	private ShaPasswordEncoder shaEncoder;
	@Autowired
	private ReflectionSaltSource saltSource;
	@Autowired
	private AuthenticationManager authenticationManager;
	
	private Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
	
	private String password = "";
	private String oldPassword = "";
	private String passwordConfirmation = "";
	
	@Autowired
	private JdbcUserDetailsManager userService;

	@Override
	public String execute() throws Exception {
		String username = principal.toString();
		if (principal instanceof UserDetails) {
			username = ((UserDetails)principal).getUsername();
		}	
		
		//User service doesn't support salt by default, need to do it manually
		userService.changePassword(oldPassword, shaEncoder.encodePassword(password, saltSource.getSalt((UserDetails)principal)));

		//Re-authenticate user
		SecurityContextHolder.getContext().getAuthentication().setAuthenticated(false);
	    Authentication authentication = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(username, password));
	    SecurityContextHolder.getContext().setAuthentication(authentication);
	    
		return ActionSupport.SUCCESS;
	}

	@Override
	public void validate() {
		String p = "";
		String o = oldPassword;
		
		if(principal instanceof UserDetails)
			o = shaEncoder.encodePassword(o, saltSource.getSalt((UserDetails)principal)) ;

		if (principal instanceof UserDetails) {
			p = ((UserDetails)principal).getPassword();
			if(!p.equals(o)) {
				ResourceBundle bundle = ResourceBundle.getBundle ("global", getLocale());				
				addFieldError("oldPassword", bundle.getString("validation.old.password.incorrect"));
			}
		}
	}
	
	public String getPassword() {
		return password;
	}

	public void setPassword(String password) {
			this.password = password;
	}

	public String getOldPassword() {
		return oldPassword;
	}

	public void setOldPassword(String oldPassword) {
		this.oldPassword = oldPassword;
	}

	public String getPasswordConfirmation() {
		return passwordConfirmation;
	}

	public void setPasswordConfirmation(String passwordConfirmation) {
		this.passwordConfirmation = passwordConfirmation;
	}
	
}
